Malware.AI.4158159322 removal instruction

Malware.AI.4158159322 is the Malwarebytes detection name for the sample analysed below; the sandbox run and most of the other vendors in the list identify it as the NanoCore remote access trojan (RAT). While the infection is active you may notice unfamiliar processes in the Task Manager list, an autorun entry you did not create, and outbound connections to addresses you do not recognise. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4158159322 virus do?

The items below are the behavioural signatures the CAPE sandbox raised while running the sample. Note that the file itself is a native PE32 while most vendor names call it MSIL/.NET; together with the unpacking, RWX-memory and drop-and-execute signatures this suggests a native loader that unpacks and runs a .NET NanoCore payload, so the process you see in Task Manager may not be the file that was originally downloaded.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • CAPE detected the NanoCore malware family
  • Collects information to fingerprint the system

How to identify Malware.AI.4158159322

File Info:

name: DA775A32496E2A7D07F3.mlw
path: /opt/CAPEv2/storage/binaries/a445e776d907df86ff0c05b8aa68ec162707006dce6f409281431942f47cbdbb
crc32: 8E53B597
md5: da775a32496e2a7d07f37cc1d8cc4f4e
sha1: 55fa055e0d9406e177860dd520310d09a2324f96
sha256: a445e776d907df86ff0c05b8aa68ec162707006dce6f409281431942f47cbdbb
sha512: 69f4fee34119be9811ec1f12be87286db2b5c75f7b1ada465d91cc374a42a9de5113f135fb141fb0a43af1e797d6e36a077381d33781351ed1392d32ea8973f6
ssdeep: 12288:EOaaisOCibaBpEYZDhihOXcZmFdosUjqnSU:dxigp9ZDhCEFdDUeSU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F8F4F1466794C61EC550B1F06B12D2BFAA704DB48C31AF92473DBA32357616BEE2E18C
sha3_384: f282e20ccb6141e508ef8ef9db24f8b3118159fabe65fae8452d2e26dde7d856a7757eaacbd5cd8f29284506b8af0e76
ep_bytes: 558bec81ec80010000535633db57895d
timestamp: 2007-03-31 15:09:55

Version Info:

0: [No Data]
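The File Info block above is what a static triage script reproduces from the file on disk. The following Python is an added example, not code from GridinSoft or from CAPE: it computes the digests CAPE lists (ssdeep and tlsh are omitted because they need third-party libraries), checks them against the page's md5/sha1/sha256, and parses the PE header to recover the type, timestamp and ep_bytes fields. Because the real sample is not included on this page, build_sample() constructs a toy PE32 that merely carries the page's entry-point bytes and compile timestamp; a real file would be read with open(path, "rb"). Rendering the COFF timestamp in UTC is an assumption about how CAPE prints it.

```python
"""Static triage of a suspect PE32: hashes, IOC match, and header fields."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests published for the sample on this page (the sha256 is also the CAPE file name).
PAGE_IOC = {
    "md5": "da775a32496e2a7d07f37cc1d8cc4f4e",
    "sha1": "55fa055e0d9406e177860dd520310d09a2324f96",
    "sha256": "a445e776d907df86ff0c05b8aa68ec162707006dce6f409281431942f47cbdbb",
}

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_FILE_DLL = 0x2000


def hash_file(data: bytes) -> dict:
    """Compute the digests CAPE lists under File Info (crc32 upper-case, like the page)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(hashes: dict, ioc: dict) -> set:
    """Names of every digest that matches the published IOC set (case-insensitive)."""
    return {k for k, v in ioc.items() if hashes.get(k, "").lower() == v.lower()}


def parse_pe(data: bytes) -> dict:
    """Pull machine, timestamp, subsystem and the first 16 entry-point bytes out of a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The section table follows the optional header; map the entry RVA to a file offset.
    sect = opt + opt_size
    ep_off = None
    for i in range(nsect):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point is not inside any section")
    kind = "DLL" if chars & IMAGE_FILE_DLL else "executable"
    gui = "GUI" if subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI else "console/other"
    return {
        "type": f"PE32 {kind} ({gui})",
        "machine": "Intel 80386" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        # Assumption: CAPE prints the COFF TimeDateStamp as UTC in this format.
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def build_sample() -> bytes:
    """Constructed toy PE32 (NOT the real sample) carrying the page's ep_bytes and timestamp."""
    ep_bytes = bytes.fromhex("558bec81ec80010000535633db57895d")
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine i386, 1 section, TimeDateStamp 2007-03-31 15:09:55 UTC, 224-byte optional header.
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 1175353795, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    # One .text section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData.
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    headers += b"\0" * (0x200 - len(headers))
    return headers + ep_bytes + b"\0" * (0x200 - len(ep_bytes))


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for k, v in {**hash_file(blob), **parse_pe(blob)}.items():
        print(f"{k}: {v}")
    print("matches page IOCs:", sorted(matching_iocs(hash_file(blob), PAGE_IOC)) or "none")
```

Run it against a quarantined copy of the file to confirm you are looking at the same sample as this page before trusting the vendor names below; the timestamp is only what the compiler (or the crypter) wrote into the header and is easily forged, so treat the 2007 date as a hint, not evidence.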

Malware.AI.4158159322 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.Orbus.C3
McAfee: Trojan-FICC!7B7C2D01218D
Cylance: Unsafe
Sangfor: Backdoor.Win32.Bladabindi.ml
K7AntiVirus: Trojan ( 0057b88c1 )
K7GW: Trojan ( 0057b88c1 )
Cybereason: malicious.2496e2
Cyren: W32/NanoCore.C.gen!Eldorado
Symantec: Trojan.Nancrat
ESET-NOD32: MSIL/NanoCore.E
APEX: Malicious
Avast: MSIL:NanoCore-B [Trj]
ClamAV: Win.Trojan.NanoCore-9852758-0
Kaspersky: Trojan.MSIL.Agent.fpar
BitDefender: IL:Trojan.MSILZilla.4911
NANO-Antivirus: Trojan.Win32.NanoBot.hmqoyu
MicroWorld-eScan: IL:Trojan.MSILZilla.4911
Ad-Aware: IL:Trojan.MSILZilla.4911
Emsisoft: IL:Trojan.MSILZilla.4911 (B)
Comodo: Backdoor.MSIL.Noancooe.JDE@5s4u9t
DrWeb: Trojan.Nanocore.23
TrendMicro: BKDR_NOANCOOE.SM
McAfee-GW-Edition: RDN/Generic.grp
FireEye: Generic.mg.da775a32496e2a7d
Sophos: Generic ML PUA (PUA)
Ikarus: Backdoor.Rat.Nanocore
GData: MSIL.Backdoor.Nancat.A
Jiangmin: Backdoor.Generic.zwu
Avira: TR/Dropper.MSIL.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.E68EA0
Kingsoft: Win32.Troj.Agent.FP.(kcloud)
Arcabit: IL:Trojan.MSILZilla.D132F
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ALYac: IL:Trojan.MSILZilla.4911
MAX: malware (ai score=89)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.4158159322
TrendMicro-HouseCall: BKDR_NOANCOOE.SM
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazpuHp618sr5W9fxdvXWMhum)
Yandex: Trojan.Agent!XsuCdRja7H0
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.A0C!tr
BitDefenderTheta: Gen:NN.ZemsilF.34294.mmW@aOORPEl
AVG: MSIL:NanoCore-B [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Malware.AI.4158159322?

Malware.AI.4158159322 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the reboot, confirm that the autorun entry the sample installed is gone (check the Run keys, the Startup folder and scheduled tasks) and that no running process matches the sha256 listed above: a RAT whose persistence survives the cleanup is simply re-launched at the next logon.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.